Re: [Xen-devel] [PATCH v2 for-4.10] x86/mm: Make PV linear pagetables optional

[Julien Grall <julien.grall@xxxxxxxxxx>]

Hi George,

On 18/10/17 11:51, George Dunlap wrote:
> Allowing pagetables to point to other pagetables of the same level
> (often called 'linear pagetables') has been included in Xen since its
> inception; but recently it has been the source of a number of subtle
> reference-counting bugs.
>
> It is not used by Linux or MiniOS; but it used used by NetBSD and
> Novell Netware.  There are significant numbers of people who are never
> going to use the feature, along with significant numbers who need the
> feature.
>
> Add a Kconfig option for the feature (default to 'y').  Also add a
> command-line option to control whether PV linear pagetables are
> allowed (default to 'true').
>
> NB that we leave linear_pt_count in the page struct.  It's in a union,
> so its presence doesn't increase the size of the data struct.
> Changing the layout of the other elements based on configuration
> options is asking for trouble however; so we'll just leave it there
> and ASSERT that it's zero.
>
> Reported-by: Jann Horn <jannh@xxxxxxxxxx>
> Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
> ---
> Changes since v1
> - Remove stray blank lines added from previous patch
> - Leave pg->linear_pt_count present, assert it's 0
> - Rename variable to opt_pv_linear_pt
> - Add spaces around #ifdef/#else/#endif for large code block
> - Add /* CONFIG_LINEAR_PV_PT */ after #else/#endif for clarity
> - Correct documented default value
> - Mention in documentation that the option is only available if configured
> - Move config option to below PV (for the day when we make that selectable)
>
> Changes since XSA
> - Add a Kconfig option
> - Default to 'on' (rather than 'off').
>
> Release justification: This was originally part of a security fix
> embargoed until after the freeze date; it wasn't checked in with the
> other security patches in order to allow a discussion about the
> default.
On the basis it was part of the XSA:

Release-acked-by: Julien Grall <julien.grall@xxxxxxxxxx>

> diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
> index 64955dc017..a8bbaa652b 100644
> --- a/xen/arch/x86/Kconfig
> +++ b/xen/arch/x86/Kconfig
> @@ -37,6 +37,26 @@ source "arch/Kconfig"
>   config PV
>         def_bool y
>   
> +config PV_LINEAR_PT
> +       bool "Support for PV linear pagetables"
> +       depends on PV
> +       default y
> +       ---help---
> +         Linear pagetables (also called "recursive pagetables") refers
> +         to the practice of a guest operating system having pagetable
> +         entries pointing to other pagetables of the same level (i.e.,
> +         allowing L2 PTEs to point to other L2 pages).  Some operating
> +         systems use it as a simple way to consisently map the current
s/consisently/consistently/

> +         process's pagetables into its own virtual address space.
> +
> +         Linux and MiniOS don't use this technique.  NetBSD and Novell
> +         Netware do; there may be other custom operating systems which
> +         do.  If you're certain you don't plan on having PV guests
> +         which use this feature, turning it off can reduce the attack
> +         surface.
> +
> +         If unsure, say Y.
> +
>   config HVM
>         def_bool y
>   
Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel